Configuring authenticated access | Firewall policy authentication
The FortiGate unit performs authentication only on requests to access HTTP, HTTPS, FTP, and Telnet. Once the user is authenticated, the user can access other services if the firewall policy permits.
4. Select the position of the DNS policy so that it precedes the policy that provides access to the Internet.
Figure 25: Move firewall policy position selection
5. Select OK.
Configuring authenticated access to the Internet
A policy for accessing the Internet is similar to a policy for accessing a specific network, but the destination address is set to all. The destination interface is the one that connects to the Internet service provider. For general purpose Internet access, the Service is set to ANY.
Access to HTTP, HTTPS, FTP and Telnet sites may require access to a domain name service. DNS requests do not trigger authentication. You must configure a policy to permit unauthenticated access to the appropriate DNS server, and this policy must precede the policy for Internet access.
To configure a firewall policy for access to a DNS server:
1. Go to Firewall > Policy.
2. Select Create New to create a new firewall policy, enter the following information, and select OK.
Source Interface/Zone | List of source interfaces available. Select the interface to which computers on your network are connected. |
Source Address | List of source address names. Select all. |
Destination Interface/Zone | List of destination interfaces available. Select the interface that connects to the Internet. |
Destination Address | List of destination address names. Select all. |
Schedule | List of available schedules. Select always. |
Service | List of available services. Select DNS. |
Action | List of available authentication result actions. Select ACCEPT. |
Note: Position the DNS server in the firewall policy list according to the guidelines outlined in “Firewall policy order”.
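The ordering requirement above, as an added example that is not part of the Fortinet guide: a simplified first-match model in Python showing why an unauthenticated DNS policy placed after the authenticating Internet policy never takes effect, plus a check that flags that ordering. The policy dictionaries, field names and function names are constructed for illustration; all policies are assumed to share the same interfaces and the address all.

```python
# Simplified model of the policy list described above. Assumption: this is not
# FortiOS code; fields ("id", "service", "auth") and sample policies are constructed.
AUTH_TRIGGERS = {"HTTP", "HTTPS", "FTP", "TELNET"}  # only these can prompt for login


def matches(policy, service):
    """A policy matches when its service is ANY or equals the requested service."""
    return policy["service"] in ("ANY", service)


def evaluate(policies, service, authenticated=False):
    """Outcome of one new session, evaluated top-down with first match winning."""
    for policy in policies:
        if not matches(policy, service):
            continue
        if not policy["auth"] or authenticated:
            return "accept"
        # Authenticating policy, user not yet authenticated: only the trigger
        # services can start a login; anything else (DNS included) is stuck.
        return "challenge" if service in AUTH_TRIGGERS else "blocked"
    return "deny"  # no policy matched


def dns_shadowed(policies):
    """Return (dns_policy_id, shadowing_policy_id) pairs for misordered lists."""
    shadowing = None
    findings = []
    for policy in policies:
        if policy["auth"] and matches(policy, "DNS"):
            if shadowing is None:
                shadowing = policy["id"]
        elif policy["service"] == "DNS" and shadowing is not None:
            findings.append((policy["id"], shadowing))
    return findings


# Constructed sample policies: authenticated Internet access and open DNS.
INTERNET = {"id": 1, "service": "ANY", "auth": True}
DNS = {"id": 2, "service": "DNS", "auth": False}
WRONG_ORDER = [INTERNET, DNS]   # DNS lookups hit the authenticating policy first
RIGHT_ORDER = [DNS, INTERNET]   # DNS is permitted before authentication

if __name__ == "__main__":
    for name, plist in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, "DNS:", evaluate(plist, "DNS"), "HTTP:", evaluate(plist, "HTTP"),
              "shadowed:", dns_shadowed(plist))
```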
FortiOS v3.0 MR7 User Authentication User Guide